This document serves as a design guide for those intending to deploy a site-to-site VPN based on IP
Security (IPsec). The designs presented in this document focus on Cisco IOS VPN router platforms.
The primary topology described in this document is a hub-and-spoke design, where the primary
enterprise resources are located in a large central site, with a number of smaller sites or branch offices
connected directly to the central site over a VPN. A high-level diagram of this topology is shown in
Figure 1....

The purpose of this module is to explain Virtual Private Network (VPN) concepts
and to give an overview of the various L2 and L3 tunneling techniques that
allow VPNs to be implemented. The access VPN features in Cisco IOS Release 12.1
are explained along with Layer 2 and Layer 3 tunneling mechanisms.

Module 6: Configuring and troubleshooting routing and remote access. To support your organization’s distributed workforce, you must become familiar with technologies that enable remote users to connect to your organization’s network infrastructure. These technologies include virtual private networks (VPNs) and DirectAccess. It is important that you understand how to configure and secure your remote access clients by using network policies. This module explains how to configure and troubleshoot routing and remote access in Windows Server 2008.

This design guide evaluates Cisco VPN product performance in scalable and resilient site-to-site VPN
topologies, using Cisco VPN routers running Cisco IOS Software, with IPsec as the tunneling method.
The concepts presented can also be applied to other Cisco products that do not run Cisco IOS software.
This design guide begins with an overview, followed by design recommendations and product selection
and performance information. Finally, partial configuration examples are presented.